With more than 40% of the global population using social media and posting petabytes of digital content every day, it should hardly come as a surprise that the medium has become a frequent target of cybercriminals. In a recent survey, we discovered that 82% of respondents believed that the use of social media in the workplace heightened the risk of a cyber threats.
While the privacy and reputational risks associated with irresponsible social media use often get the most attention, cyberattacks have actually proven to be the greatest threats. Our survey also found that Facebook, Twitter, Instagram, and WhatsApp were considered the highest-risk apps. Notably, Twitter is the only one of these apps that is not owned by Facebook. This may be influenced by the rising lack of trust in Facebook and its subsidiaries, as exemplified by a recent data leak that exposed 540 million records.
Social Media Expands the Attack Surface Beyond Traditional Endpoint Protections
Attacks carried out over social media have increased 4x in recent years, with malicious messages opened more frequently than phishing emails. However, these channels emerged after commonly deployed cyber defenses, like firewall, endpoint security, even CASBs. It’s easier for bad actors to compromise these digital endpoints because they are outside the perimeter of traditional corporate security. The more ingrained social media and other cloud-based digital channels become with core business processes, the further the attack surface expands.
The new challenge for businesses is how to extend endpoint security protection across these channels at the account level, and in-app. That includes protecting against malicious links, content, and users on LinkedIn, for example, - regardless of whether employees are signed in on their desktop or using the mobile app on their personal phones. Data is being transmitted in app, that’s where the crown jewels are. App-layer security, or digital endpoint, is the only way to gain visibility into the channels, and also have the power to take action.
Social Media Is the Obvious Venue for Social Engineering Scams
Today, people spend far more time on social media than they do checking email. With built-in instant messaging features and full mobile functionality, platforms like Facebook are highly accessible, leading online social interactions to take up over two hours per day for the average user. This makes social platforms the obvious venue for attackers seeking to launch social engineering attacks, either en-masse or highly targeted. In fact, many attackers use practices that mirror those of legitimate businesses to boost trust among potential victims.
The use of social media in the workplace has become a business imperative now that brands are expected to be consistently present and highly available. Unfortunately, this also makes them vulnerable. Social engineering attackers routinely target employees and executive-level staff alike. These attacks tend to go for higher-ranking employees with access to a wealth of high-value data and business accounts.
Attackers also use social media for finding and learning about their next targets in the same way that a home invader might case a property in advance of an assault. The wealth of information that people often post about themselves on social media helps attackers build intimate profiles of their potential targets. They can then use this information to build trust under the guise of a trusted friend or colleague. If an attacker manages to take over an account, such as a vulnerable business account belonging to a former employee, then they appear to be even more authentic.
How Can Businesses Use Social Media without Adding Risk?
The vast reach of social media and the implied trust that these channels carry make them both an invaluable business asset and one of its greatest threats. However, disallowing their use in the workplace is not an option in an age when businesses have become so reliant on them for digital growth. Instead, information security managers need to find a way to manage risk on these vulnerable channels. To use them safely, all incoming and outgoing content needs to be thoroughly vetted, and unauthorized and compromised accounts must be taken down without delay. It’s vital that businesses extend their security practices and policies to these third-party platforms to ensure that they can innovate without adding risk.
SafeGuard Cyber is the leading SaaS platform for managing the full lifecycle of digital risk protection on social media. With pervasive channel coverage, it allows organizations to use social, mobile and collaboration networks without fear. Request your demo today to see how it works.